Hello community, here is the log from the commit of package python-paramiko for openSUSE:Factory checked in at 2019-02-17 12:19:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-paramiko (Old) and /work/SRC/openSUSE:Factory/.python-paramiko.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-paramiko" Sun Feb 17 12:19:00 2019 rev:43 rq:676253 version:2.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-paramiko/python-paramiko.changes 2019-01-08 12:17:16.688993221 +0100 +++ /work/SRC/openSUSE:Factory/.python-paramiko.new.28833/python-paramiko.changes 2019-02-17 12:19:03.680238144 +0100 @@ -1,0 +2,16 @@ +Thu Feb 14 20:49:56 UTC 2019 - Hans-Peter Jansen <h...@urpla.net> + +- add empty line after %autopatch: build fails up to 42.3 otherwise + +------------------------------------------------------------------- +Thu Feb 14 17:00:13 UTC 2019 - Ondřej Súkup <mimi...@gmail.com> + +- drop python-pytest_relaxed dependency +- add patches: + 1311.patch - fix warnings + 1379.patch - fix support for gssapi + relaxed.patch - remove unnecessary pytest_relaxed dep +- remove patch: + disable-gssapi.patch - supersseded + +------------------------------------------------------------------- Old: ---- disable-gssapi.patch New: ---- 1311.patch 1379.patch relaxed.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-paramiko.spec ++++++ --- /var/tmp/diff_new_pack.mEWITf/_old 2019-02-17 12:19:06.248237440 +0100 +++ /var/tmp/diff_new_pack.mEWITf/_new 2019-02-17 12:19:06.264237435 +0100 @@ -29,22 +29,25 @@ # certificates needed by testsuite Source1: cert_support.tar.gz Patch0: paramiko-test_extend_timeout.patch -Patch1: disable-gssapi.patch +Patch2: relaxed.patch +Patch3: 1311.patch +Patch4: 1379.patch BuildRequires: %{python_module PyNaCl >= 1.0.1} BuildRequires: %{python_module bcrypt >= 3.1.3} -BuildRequires: %{python_module cryptography >= 1.1} +BuildRequires: %{python_module cryptography >= 2.5} +BuildRequires: %{python_module gssapi} BuildRequires: %{python_module pyasn1 >= 0.1.7} BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros +Recommends: python-gssapi Requires: python-PyNaCl >= 1.0.1 Requires: python-bcrypt >= 3.1.3 -Requires: python-cryptography >= 1.5 +Requires: python-cryptography >= 2.5 Requires: python-pyasn1 >= 0.1.7 BuildArch: noarch %if %{with test} BuildRequires: %{python_module mock} -BuildRequires: %{python_module pytest-relaxed} BuildRequires: %{python_module pytest} %endif %python_subpackages @@ -70,8 +73,8 @@ %prep %setup -q -n paramiko-%{version} -%patch0 -p1 -%patch1 -p1 +%autopatch -p1 + # Fix non-executable script rpmlint issue: find demos -name "*.py" -exec sed -i "/#\!\/usr\/bin\/.*/d" {} \; tar xvzf %{SOURCE1} -C tests/ ++++++ disable-gssapi.patch -> 1311.patch ++++++ ++++ 1173 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/python-paramiko/disable-gssapi.patch ++++ and /work/SRC/openSUSE:Factory/.python-paramiko.new.28833/1311.patch ++++++ disable-gssapi.patch -> 1379.patch ++++++ --- /work/SRC/openSUSE:Factory/python-paramiko/disable-gssapi.patch 2018-11-18 23:21:24.730262748 +0100 +++ /work/SRC/openSUSE:Factory/.python-paramiko.new.28833/1379.patch 2019-02-17 12:19:03.484238198 +0100 @@ -1,13 +1,172 @@ -Index: paramiko-2.4.2/paramiko/ssh_gss.py +From 36fbe57629cbbb7bf0f4a1e98c43352b82fe181d Mon Sep 17 00:00:00 2001 +From: Andrew Wason <rectalo...@rectalogic.com> +Date: Wed, 6 Feb 2019 10:56:53 -0500 +Subject: [PATCH 1/4] Move to cryptography 2.5 and stop using deprecated APIs. + +Fixes #1369 +--- + paramiko/ecdsakey.py | 4 ++-- + paramiko/kex_ecdh_nist.py | 37 +++++++++++++++++++++++++++++-------- + setup.py | 2 +- + tests/test_kex.py | 12 ++++++------ + 5 files changed, 40 insertions(+), 19 deletions(-) + +Index: paramiko-2.4.2/paramiko/ecdsakey.py =================================================================== ---- paramiko-2.4.2.orig/paramiko/ssh_gss.py -+++ paramiko-2.4.2/paramiko/ssh_gss.py -@@ -53,7 +53,7 @@ try: - import gssapi - - GSS_EXCEPTIONS = (gssapi.GSSException,) --except (ImportError, OSError): -+except (ImportError, OSError, AttributeError): - try: - import pywintypes - import sspicon +--- paramiko-2.4.2.orig/paramiko/ecdsakey.py ++++ paramiko-2.4.2/paramiko/ecdsakey.py +@@ -160,12 +160,12 @@ class ECDSAKey(PKey): + + pointinfo = msg.get_binary() + try: +- numbers = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ key = ec.EllipticCurvePublicKey.from_encoded_point( + self.ecdsa_curve.curve_class(), pointinfo + ) ++ self.verifying_key = key + except ValueError: + raise SSHException("Invalid public key") +- self.verifying_key = numbers.public_key(backend=default_backend()) + + @classmethod + def supported_key_format_identifiers(cls): +Index: paramiko-2.4.2/paramiko/kex_ecdh_nist.py +=================================================================== +--- paramiko-2.4.2.orig/paramiko/kex_ecdh_nist.py ++++ paramiko-2.4.2/paramiko/kex_ecdh_nist.py +@@ -9,6 +9,7 @@ from paramiko.py3compat import byte_chr, + from paramiko.ssh_exception import SSHException + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives.asymmetric import ec ++from cryptography.hazmat.primitives import serialization + from binascii import hexlify + + _MSG_KEXECDH_INIT, _MSG_KEXECDH_REPLY = range(30, 32) +@@ -36,7 +37,12 @@ class KexNistp256: + m = Message() + m.add_byte(c_MSG_KEXECDH_INIT) + # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion +- m.add_string(self.Q_C.public_numbers().encode_point()) ++ m.add_string( ++ self.Q_C.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + self.transport._send_message(m) + self.transport._expect_packet(_MSG_KEXECDH_REPLY) + +@@ -58,11 +64,11 @@ class KexNistp256: + + def _parse_kexecdh_init(self, m): + Q_C_bytes = m.get_string() +- self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ self.Q_C = ec.EllipticCurvePublicKey.from_encoded_point( + self.curve, Q_C_bytes + ) + K_S = self.transport.get_server_key().asbytes() +- K = self.P.exchange(ec.ECDH(), self.Q_C.public_key(default_backend())) ++ K = self.P.exchange(ec.ECDH(), self.Q_C) + K = long(hexlify(K), 16) + # compute exchange hash + hm = Message() +@@ -75,7 +81,12 @@ class KexNistp256: + hm.add_string(K_S) + hm.add_string(Q_C_bytes) + # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion +- hm.add_string(self.Q_S.public_numbers().encode_point()) ++ hm.add_string( ++ self.Q_S.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + hm.add_mpint(long(K)) + H = self.hash_algo(hm.asbytes()).digest() + self.transport._set_K_H(K, H) +@@ -84,7 +95,12 @@ class KexNistp256: + m = Message() + m.add_byte(c_MSG_KEXECDH_REPLY) + m.add_string(K_S) +- m.add_string(self.Q_S.public_numbers().encode_point()) ++ m.add_string( ++ self.Q_S.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + m.add_string(sig) + self.transport._send_message(m) + self.transport._activate_outbound() +@@ -92,11 +108,11 @@ class KexNistp256: + def _parse_kexecdh_reply(self, m): + K_S = m.get_string() + Q_S_bytes = m.get_string() +- self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ self.Q_S = ec.EllipticCurvePublicKey.from_encoded_point( + self.curve, Q_S_bytes + ) + sig = m.get_binary() +- K = self.P.exchange(ec.ECDH(), self.Q_S.public_key(default_backend())) ++ K = self.P.exchange(ec.ECDH(), self.Q_S) + K = long(hexlify(K), 16) + # compute exchange hash and verify signature + hm = Message() +@@ -108,7 +124,12 @@ class KexNistp256: + ) + hm.add_string(K_S) + # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion +- hm.add_string(self.Q_C.public_numbers().encode_point()) ++ hm.add_string( ++ self.Q_C.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + hm.add_string(Q_S_bytes) + hm.add_mpint(K) + self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest()) +Index: paramiko-2.4.2/setup.py +=================================================================== +--- paramiko-2.4.2.orig/setup.py ++++ paramiko-2.4.2/setup.py +@@ -73,7 +73,7 @@ setup( + ], + install_requires=[ + "bcrypt>=3.1.3", +- "cryptography>=1.5", ++ "cryptography>=2.5", + "pynacl>=1.0.1", + "pyasn1>=0.1.7", + ], +Index: paramiko-2.4.2/tests/test_kex.py +=================================================================== +--- paramiko-2.4.2.orig/tests/test_kex.py ++++ paramiko-2.4.2/tests/test_kex.py +@@ -42,20 +42,20 @@ def dummy_urandom(n): + def dummy_generate_key_pair(obj): + private_key_value = 94761803665136558137557783047955027733968423115106677159790289642479432803037 + public_key_numbers = "042bdab212fa8ba1b7c843301682a4db424d307246c7e1e6083c41d9ca7b098bf30b3d63e2ec6278488c135360456cc054b3444ecc45998c08894cbc1370f5f989" +- public_key_numbers_obj = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ public_key_numbers_obj = ec.EllipticCurvePublicKey.from_encoded_point( + ec.SECP256R1(), unhexlify(public_key_numbers) +- ) ++ ).public_numbers() + obj.P = ec.EllipticCurvePrivateNumbers( + private_value=private_key_value, public_numbers=public_key_numbers_obj + ).private_key(default_backend()) + if obj.transport.server_mode: +- obj.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ obj.Q_S = ec.EllipticCurvePublicKey.from_encoded_point( + ec.SECP256R1(), unhexlify(public_key_numbers) +- ).public_key(default_backend()) ++ ) + return +- obj.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ obj.Q_C = ec.EllipticCurvePublicKey.from_encoded_point( + ec.SECP256R1(), unhexlify(public_key_numbers) +- ).public_key(default_backend()) ++ ) + + + class FakeKey(object): ++++++ relaxed.patch ++++++ --- paramiko-2.4.2.orig/tests/test_client.py +++ paramiko-2.4.2/tests/test_client.py @@ -33,7 +33,7 @@ import warnings import weakref from tempfile import mkstemp -from pytest_relaxed import raises +import pytest import paramiko from paramiko.pkey import PublicBlob @@ -662,7 +662,7 @@ class PasswordPassphraseTests(ClientTest): # TODO: more granular exception pending #387; should be signaling "no auth # methods available" because no key and no password - @raises(SSHException) + @pytest.mark.xfail(raises=SSHException) def test_passphrase_kwarg_not_used_for_password_auth(self): # Using the "right" password in the "wrong" field shouldn't work. self._test_connection(passphrase="pygmalion") @@ -683,7 +683,7 @@ class PasswordPassphraseTests(ClientTest): password="television", ) - @raises(AuthenticationException) # TODO: more granular + @pytest.mark.xfail(raises=AuthenticationException) # TODO: more granular def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given( self ): # noqa